๐จ CVE-2025-63725
Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A via the id parameter to Recivers.php.
๐@cveNotify
Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A via the id parameter to Recivers.php.
๐@cveNotify
DeepStrike
Reflected XSS via unescaped $_GET['id'] SVX Portal V.2.7A
๐จ CVE-2025-63830
CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
๐@cveNotify
CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
๐@cveNotify
Ckeditor
CKFinder - Changelog
Download a ready-to-use CKFinder package for PHP, ASP.NET or JAVA - Changelog
๐จ CVE-2025-13178
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
Stored HTML Injection in Sales ERP Software leading to Phishing Risk ยท Issue #2 ยท 4m3rr0r/PoCVulDb
[Stored HTML Injection] in [Sales ERP Software] leading to Phishing Risk ๐จโ๐ป BUG Author: 4m3rr0r ๐ฆ Product Information: Vendor Homepage: https://www.bdtask.com Software Link: https://codecanyon.net...
๐จ CVE-2025-63291
When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying particlar MongoDB object IDs, callers could obtain records for other users without proper authorization. Records retrievable using this attack included administrative API keys and private studio api keys.
๐@cveNotify
When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying particlar MongoDB object IDs, callers could obtain records for other users without proper authorization. Records retrievable using this attack included administrative API keys and private studio api keys.
๐@cveNotify
Medium
Alteryx Server IDOR Advisory
A vulnerability that allows authenticated users to capture administrative API keys
๐จ CVE-2025-63701
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffer size, leading to invalid memory operations and heap corruption. This vulnerability can cause denial of service through application crashes and potentially lead to code execution in user space. Local access is required to exploit this vulnerability.
๐@cveNotify
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffer size, leading to invalid memory operations and heap corruption. This vulnerability can cause denial of service through application crashes and potentially lead to code execution in user space. Local access is required to exploit this vulnerability.
๐@cveNotify
Alex Manson
Heap Corruption in Advantech TP 3250 Printer Driver (DrvUI_x64_ADVANTECH.dll) via DocumentPropertiesW
CVE-2025-63701 - Mismatched input output buffers to DocumentPropertiesW trigger a bug in the Advantech TP 3250 usermode driver module, crashing with 0xc0000374 (heap corruption)
๐จ CVE-2025-9647
A weakness has been identified in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
A weakness has been identified in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
Gitee
langhsu/mblog.git: mblogๅผๆบๅ
่ดน็ๅๅฎข็ณป็ป, Java่ฏญ่จๅผๅ, ๆฏๆmysql/h2ๆฐๆฎๅบ, ้็จspring-bootใjpaใshiroใbootstrap็ญๆต่กๆกๆถๅผๅ
๐จ CVE-2024-28988
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.
We recommend all Web Help Desk customers apply the patch, which is now available.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
๐@cveNotify
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.
We recommend all Web Help Desk customers apply the patch, which is now available.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
๐@cveNotify
๐จ CVE-2025-10387
A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
CVE/Jasmin-Ransomware/sqli_handshake.php.md at main ยท YZS17/CVE
CVE of XU17. Contribute to YZS17/CVE development by creating an account on GitHub.
๐จ CVE-2025-26399
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
๐@cveNotify
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
๐@cveNotify
๐จ CVE-2025-20338
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.
๐@cveNotify
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.
๐@cveNotify
Cisco
Cisco Security Advisory: Cisco IOS XE Software CLI Argument Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficientโฆ
This vulnerability is due to insufficientโฆ
๐จ CVE-2025-10987
A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
๐จ CVE-2025-55034
General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may
allow an attacker to execute a brute-force attack resulting in
unauthorized access and login.
๐@cveNotify
General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may
allow an attacker to execute a brute-force attack resulting in
unauthorized access and login.
๐@cveNotify
GitHub
CSAF/csaf_files/OT/white/2025/icsa-25-317-08.json at develop ยท cisagov/CSAF
CISA CSAF Security Advisories. Contribute to cisagov/CSAF development by creating an account on GitHub.
๐จ CVE-2025-58083
General Industrial Controls Lynx+ Gateway
is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
๐@cveNotify
General Industrial Controls Lynx+ Gateway
is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
๐@cveNotify
GitHub
CSAF/csaf_files/OT/white/2025/icsa-25-317-08.json at develop ยท cisagov/CSAF
CISA CSAF Security Advisories. Contribute to cisagov/CSAF development by creating an account on GitHub.
๐จ CVE-2025-59780
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which
could allow an attacker to send GET requests to obtain sensitive device
information.
๐@cveNotify
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which
could allow an attacker to send GET requests to obtain sensitive device
information.
๐@cveNotify
GitHub
CSAF/csaf_files/OT/white/2025/icsa-25-317-08.json at develop ยท cisagov/CSAF
CISA CSAF Security Advisories. Contribute to cisagov/CSAF development by creating an account on GitHub.
๐จ CVE-2025-62765
General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow
an attacker to observe network traffic to obtain sensitive information,
including plaintext credentials.
๐@cveNotify
General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow
an attacker to observe network traffic to obtain sensitive information,
including plaintext credentials.
๐@cveNotify
GitHub
CSAF/csaf_files/OT/white/2025/icsa-25-317-08.json at develop ยท cisagov/CSAF
CISA CSAF Security Advisories. Contribute to cisagov/CSAF development by creating an account on GitHub.
๐จ CVE-2025-64307
The Brightpick Internal Logic Control web interface is accessible
without requiring user authentication. An unauthorized user could
exploit this interface to manipulate robot control functions, including
initiating or halting runners, assigning jobs, clearing stations, and
deploying storage totes.
๐@cveNotify
The Brightpick Internal Logic Control web interface is accessible
without requiring user authentication. An unauthorized user could
exploit this interface to manipulate robot control functions, including
initiating or halting runners, assigning jobs, clearing stations, and
deploying storage totes.
๐@cveNotify
Brightpick
Contact us - Brightpick
Interested in exploring how Brightpick can help you cut costs, ship more orders and improve customer service?
๐จ CVE-2025-64308
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.
๐@cveNotify
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.
๐@cveNotify
Brightpick
Contact us - Brightpick
Interested in exploring how Brightpick can help you cut costs, ship more orders and improve customer service?
๐จ CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
๐จ CVE-2025-64446
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
๐@cveNotify
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
๐@cveNotify
FortiGuard Labs
PSIRT | FortiGuard Labs
None
๐จ CVE-2025-12494
The Image Gallery โ Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level access and above, to move arbitrary image files on the server.
๐@cveNotify
The Image Gallery โ Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level access and above, to move arbitrary image files on the server.
๐@cveNotify
๐จ CVE-2025-12847
The All in One SEO โ Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint `/wp-json/aioseo/v1/ai/image-generator` only verifying that users have the `edit_posts` capability (Contributors and above) without checking if they own or have permission to delete the specific media attachments. This makes it possible for authenticated attackers, with Contributor-level access and above, to permanently delete arbitrary media attachments by ID via the REST API, granted they can determine valid attachment IDs.
๐@cveNotify
The All in One SEO โ Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint `/wp-json/aioseo/v1/ai/image-generator` only verifying that users have the `edit_posts` capability (Contributors and above) without checking if they own or have permission to delete the specific media attachments. This makes it possible for authenticated attackers, with Contributor-level access and above, to permanently delete arbitrary media attachments by ID via the REST API, granted they can determine valid attachment IDs.
๐@cveNotify